[Git][security-tracker-team/security-tracker][master] automatic update

Sat Nov 10 20:10:29 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d894a65 by security tracker role at 2018-11-10T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in ...)
+	TODO: check
+CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in ...)
+	TODO: check
+CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...)
+	TODO: check
 CVE-2018-19147
 	RESERVED
 CVE-2018-19146
@@ -2037,7 +2043,7 @@ CVE-2018-18286
 CVE-2018-18285
 	RESERVED
 CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
-	{DLA-1552-1}
+	{DSA-4336-1 DLA-1552-1}
 	- ghostscript 9.25~dfsg-3 (bug #911175)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
@@ -2663,7 +2669,7 @@ CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP ...)
 	NOTE: https://github.com/requests/requests/pull/4718
 	NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
 CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection ...)
-	{DLA-1552-1}
+	{DSA-4336-1 DLA-1552-1}
 	- ghostscript 9.25~dfsg-3 (bug #910758)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
@@ -2982,7 +2988,7 @@ CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c be
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
 CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a ...)
-	{DLA-1552-1}
+	{DSA-4336-1 DLA-1552-1}
 	- ghostscript 9.25~dfsg-3 (bug #910678)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
 	NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
@@ -18957,7 +18963,7 @@ CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and ...)
 	NOTE: Not covered by security support
 	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
 CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status ...)
-	{DLA-1504-1}
+	{DSA-4336-1 DLA-1504-1}
 	- ghostscript 9.21~dfsg-1 (low)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
 	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
@@ -51928,7 +51934,7 @@ CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 S
 CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
 	{DLA-1461-1}
 	- clamav 0.100.1+dfsg-1
-	 [stretch] - clamav 0.100.1+dfsg-0+deb9u1
+	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
 	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
 CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant ...)
 	{DLA-1461-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d894a655bd3b43e50e429099c0deaa4ca57f66b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d894a655bd3b43e50e429099c0deaa4ca57f66b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181110/f548c63d/attachment.html>
